amazon-vpc-cni-k8s
istio
amazon-vpc-cni-k8s | istio |
---|---|
12 | 88 |
2,201 | 35,049 |
0.8% | 1.0% |
9.2 | 10.0 |
8 days ago | 6 days ago |
Go | Go |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
amazon-vpc-cni-k8s
- How does configuring AWS EKS works?
- EKS Worker Nodes on RHEL 8?
  The same approach hasn't worked very well or very consistently with RHEL. I'm using containerd as the runtime. Because iptables-legacy is hardcoded out of RHEL 8, I'm using iptables-nft (installed on OS). I use Terraform to deploy the cluster and provide configuration values to tell vpc-cni to enable nftables (noted at the bottom here: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/troubleshooting.md), as well as to install and enable ipvs on kube-proxy.
- New-Amazon EKS and Amazon EKS Distro now support Kubernetes version 1.26
  Virtual Private Cloud (VPC) Container Network Interface (CNI) plugin. You must upgrade your VPC CNI plugin version to 1.12 or higher. Earlier versions of the VPC CNI will cause the CNI to crash, because it relied on the CRI v1alpha2 API, which has been removed from Kubernetes v1.26. For step-by-step instructions to upgrade the VPC CNI in your cluster, refer to Working with the Amazon VPC CNI plugin for Kubernetes Amazon EKS add-on.
- Blog: KWOK: Kubernetes WithOut Kubelet
  I believe you're correct, although pedantically that would only apply if one is using their vpc-cni <https://github.com/aws/amazon-vpc-cni-k8s#readme> and not with a competing CNI. Kubelet offers a configurable for the number of Pods per Node <https://github.com/kubernetes/kubelet/blob/v0.26.2/config/v1...> which defaults to 110 for what I would presume is CIDR or pid cgroups reasons and thus is unlikely to differ by instance size as the ENI limit you mention does (IIRC)
- Pods stuck in ContainerCreating with "failed to assign an IP address to container"
  Upgraded to v1.12 on EKS and CNI 1.5.0. This issue was closed stating CNI 1.5.0 solved the issue. It did not for us. In another thread leaking ENIs was blamed but was also closed due to CNI upgrade.
- How to understand the IP and host of client under company's VPN
  Take a look at the GitHub repo for the EKS CNI. I think the parameter AWS_VPC_K8S_CNI_RANDOMIZESNAT will address the port issue. We had a similar problem and this worked around it. (We did end up solving it another way.)
- EKS and the quest for IP addresses: Secondary CIDR ranges and private NAT gateways
  EKS, the managed Kubernetes offering by AWS, by default uses the Amazon VPC CNI plugin for Kubernetes. Different to most networking implementations, this assigns each pod a dedicated IP address in the VPC, the network the nodes reside in.
- aws/amazon-vpc-cni-k8s: Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS
- EKS Cluster Nodes stuck in NotReady state (missing cni config/binary)
  You might be able to get better help or research closed issues on the GitHub issues page: https://github.com/aws/amazon-vpc-cni-k8s/issues. Are you able to scale up your old node group with the smaller instance size and see if it works? The few times I hit issues around the network not being ready on a worker node in EKS, it ended up being a permission-related issue. Wondering if there are some missing permissions on the new node group role or on the aws-node IAM role. Make sure the aws-node role has the AmazonEKS_CNI_Policy policy attached to it.
- EKS VPC CNI add-on: Support for high pod density in node
  By default, the number of IP addresses available to assign to pods is based on the number of IP addresses assigned to Elastic network interfaces and the number of network interfaces attached to your Amazon EC2 node. The Amazon VPC CNI add-on (v1.9.0 or later) can be configured to assign /28 (16 IP addresses) IP address prefixes, instead of assigning individual IP addresses to network interfaces.
istio
- Multi-region YugabyteDB deployment on AWS EKS with Istio
  AWS EKS provides a managed Kubernetes service, simplifying cluster management and deployment. Istio, an open-source service mesh, enables traffic management, security, and observability across microservices.
- Improve your EKS cluster with Istio and Cilium : Better networking and security
  Istio is a popular open-source service mesh framework that provides a comprehensive solution for managing, securing, and observing microservices-based applications running on Kubernetes.
- Optimal JMX Exposure Strategy for Kubernetes Multi-Node Architecture
  Leverage a service mesh like Istio or Linkerd to manage communication between microservices within the Kubernetes cluster. These service meshes can be configured to intercept JMX traffic and enforce access control policies. Benefits:
- Open Source Ascendant: The Transformation of Software Development in 2024
  Open Source and Cloud Computing: A Match Made in Heaven. The cloud is accelerating OSS adoption. Cloud-native technologies like Kubernetes [https://kubernetes.io/] and Istio [https://istio.io/], both open-source projects, are revolutionizing how applications are built and deployed across cloud platforms.
- Delving Deeper: Enriching Microservices with Golang with CloudWeGo
  Consider the case of Bookinfo, a sample application provided by Istio, rewritten using CloudWeGo's Kitex for superior performance and extensibility.
- How to Build & Deploy Scalable Microservices with NodeJS, TypeScript and Docker || A Comprehesive Guide
  It is a dedicated infrastructure layer that manages service-to-service communication, providing features like load balancing, encryption, authentication, and monitoring. Istio deploys sidecar proxies alongside each microservice instance. These proxies handle communication, providing features like load balancing, service discovery, encryption, monitoring and authentication.
- Caddy for Certs and Istio for Reverse Proxy
  5Y old post that sounds like they've done similar here: Caddy Issue Istio Issue but doesn't cover much of the implementation
- Understanding Istio: A Beginner's Guide to Service Mesh
- Developer’s Guide to Building Kubernetes Cloud Apps ☁️🚀
  In a production environment there will be a load balancer setup with an Ingress Controller, Service Mesh or some type of Custom Router. This allows all traffic to be sent to the single load balancer IP address and then route the traffic to a service based on the Domain name or subpath. We are using an NGINX ingress controller but service meshes like Istio have been becoming the most popular solution to use as they offer more segmentation, security and granular control.
- Progressive Delivery on AKS: A Step-by-Step Guide using Flagger with Istio and FluxCD
  Flagger is a progressive delivery tool that enables a Kubernetes operator to automate the promotion or rollback of deployments based on metrics analysis. It supports a variety of metrics including Prometheus, Datadog, and New Relic to name a few. It also works well with Istio service mesh, and can implement progressive traffic splitting between primary and canary releases.
What are some alternatives?
multus-cni - A CNI meta-plugin for multi-homed pods in Kubernetes
osm - Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.
minikube - Run Kubernetes locally
keda - KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
amazon-eks-ami - Packer configuration for building a custom EKS AMI
anthos-service-mesh-packages - Packaged configuration for setting up a Kubernetes cluster with Anthos Service Mesh features enabled
kubelet - kubelet component configs
crossplane - The Cloud Native Control Plane
kind - Kubernetes IN Docker - local clusters for testing Kubernetes
falco - Cloud Native Runtime Security
k3d - Little helper to run CNCF's k3s in Docker
kratos - Your ultimate Go microservices framework for the cloud-native era.